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AMENDMENT 



In the Claims 



1. (Currently Amended) A computer-implemented method for configuring and 

scheduling a security audit of a computer network comprising the steps of: 

conducting a discovery scan to identify an element of the computer network and 

determine the element's fimctions and assigning a n asset value fnr the element, wherein the asset 

value indicates the relativ e importance of the element in the netwrtrk • 

conii^ring an audit scan to perform on the element, wherein the audit scan is a 

broadg moro thorough scan than the discovery scan; 

scheduling a time to perform the audit scan on the element; ^ 
rumiing the audit scan of the element at the scheduled time; 0- 
calculating a security score for the element based on the audit scan by summing 8 

one or more vulnerabilities associated with the element; and HI 
scheduling another time to repeat the audit scan on the element, the scheduling ffi 

based on the results of the audit scan and the security score 3 

I 

2. (Original) The method of Claim 1, further comprising the step of configuring a ^ 
subsequent audit scan of ttie element that is diflFerent from the audit scan. 



3. (Original) The method of Claim 1, further comprising the step of receiving a 
blackout time during which no audit scan can be scheduled. 

4. (Original) The method of Claim 1, wherein the step of conducting a discovery 
scan further comprises identifying the function of the element. 

5. (Previously Amended) The method of Claim 1, wherein the step of conducting a 
discovery scan further comprises identifying the one or more vulnerabilities associated with the 
element. 
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6. (Canceled) 

7. (Original) The method of Claim 6, wherein the asset value is modified based on 
the audit scan. 

8. (Original) The method of Claim 1, further comprising the step of receiving a 
manually selected asset value for the element. 

9. (Original) The method of Claim 1, wherein the step of configuring an audit scan 
comprises selecting a type of audit scan based on the discovery scan. 

10. (Original) The method of Claim 1, wherein the step of configuring an audit scan 
comprises: 

retrieving an asset value based on the discovery scan; 

retrieving a scan frequency associated with the asset value, wherein the scan 
frequency indicates how often the scan is performed; and 

assigning a role based on the discovery scan, wherein the role indicates the 
function of the element; and 

assigning a poUcy based on the discovery scan, wherein the policy indicates the 
type of audit scan. 

1 1. (Original) The method of Claim 1, wherein the step of configuring an audit scan 
comprises manually selecting the type of audit scan. 

12. (Original) A computer-readable medium having computer-executable instructions 
for performing the steps recited in Claim I. 



-3- 
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13. (Cuirentfy Amended) A computer-implemented method for configuring and 
scheduling a security audit of a computer network comprising the steps of: 

conducting a discovery scan to identify an element of the computer network and 
assigns an asset value for the element, w herein the a.«;set value indicates the relative importance 
of the element in the network : 

configuring an audit scan to perform on the element; 

scheduling a time to perform the audit scan on the element; 

running the audit scan at the scheduled time on the element; and 

calculating a security score for the element based on the audit scan by summing 
one or more vulnerabilities associated with the element. 



14. (Canceled) 



15. (Original) The method of Claim 13, fiuiher comprising the step of scheduling 
another time to perform the audit scan on the element. 

16. (Original) The method of Claim 13, further comprising the step of receiving a 
blackout time during which no audit scan can be scheduled. 



17. (Previously Amended) The method of Claim 13, wherein the step of conducting a 
discovery scan fiuther comprises identifying at least one of the fimctions or the one or more 
vukerabilities associated with the element. 



18. (Canceled) 
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19. (Original) The method of Claim 13, wherein the step of configuring an audit scan 
comprises: 

retrieving an asset value based on the discovery scan; 
retrieving a scan fi-equency associated with the asset value; and 
assigning a role and a policy based on the discovery scan. 

20. (Original) The method of Claim 13, wherein the step of configuring an audit scan 
comprises manually selecting the type of audit scan. 

21 . (Previously Amended) A computer-readable medium having computer-executable 
instructions for performing the steps recited in Claim 13. 
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22. (Currently Amended) A method for assessing the security of a network 
comprising the steps of: 

receiving an initial scan identifying a network element and the fiinction of the 
network element and assi gning an asset value for the network element, wherein the asset vahie 
indicates the relative importance of th e network element in the nelwnrlf ; 

selecting an audit scan to perfonn on the network element, the selection based on 
the initial scan, wherein the audit scan is broader aa ero thorough than the initial scan; 

scheduling the audit scan to perform on the net^vork element; 

performing the audit scan on the network element at the scheduled time; 

receiving data from the selected audit scan of the netwoik element; and 

conq)uting a security score for the network element from the selected audit scan 
by summing one ormore vulnerabilities associated with the network element. 

23. (Original) The method of Qaim 22, further comprising modifying the selected 
audit scan; said modification based on the data received from the selected audit scan. 

24. (Currently Amended) The method of Qaim 22, wherein the step of receiving an 
initial scan comprises: 

identifying an operating system for the network element; 

identifying a service for the network element, the service indicating the element's 

function; 

dotomiininA m i aocot valuo of thn . . mUu..tV «in^.^. iv ^^ n thr . - rp rrnti ng n jrcto m irnj 
fhe Dor^^oo of the not^vork oloiuent, the ofloot vah i o indicating tli o rol nt ivo impQilaii .u u f gi o 
a etwrork olomont; and 

identifying at least one vulnerability associated with the network element. 

25. (Original) The method of Claim 22, wherein the step of selecting an audit scan is 
based on the initial scan. 
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26. (Original) The method of Claim 22, wherein the step of selecting an audit scan is 
based on a manual input. 

27. (Original) The method of Claim 22. wherein the step of scheduling the audit scan 
comprises checking a blackout schedule. 

28. (Canceled) 

29. (Original) A computer-readable medium having computer-executable instructions 
for perfimning fhe steps recited in Claim 22, 
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30- (Currently Amended) A method for assessing the security of a network 
comprising the steps of: 

receiving an initial scan identi^ng.a.netwwk element and assigning an asset 
value for the network element, wh erein the asset value indicates the relative importance of the 
network element in the network: 

selecting an audit scan to perform on the network clement, said selection based on 
the initial scan; 

performing the selected audit scan on the networic; 

receiving data from the selected audit scan of the network element; and 

computing a security score for the network element from the selected audit scan 

by summing one or more vuhierabilities associated with the network element. 

3L (Origioal) The method of Claim 30, further comprising the step of scheduling the 
selected audit scan, said scheduling based on the initial scan. 

32. (Original) The method of Claim 30, further comprising modifying the selected 
audit scan, said modification based on the data received from the selected audit scan. 

33. (Currently Amended) The method of Claim 30, wherein the step of receivmg an 
initial scan comprises: 

identifying an operating system and a service for the network element; 
d etermming on aocot voluo of tho notwork olomont from the oporating ayotom and 
tho sor^ico of tho not^vork olomo i ity and 

identifying at least one vulnerability associated with the network element. 

34. (Original) The method of Claim 30, wherein the step of selecting an audit scan is 
based on the initial scan. 



35. (Original) The method of Claim 30, wherein the step of selecting an audit scan is 
based on a manual input. 
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36. (Original) The method of Claim 30, wherein the step of scheduling the audit scan 
comprises checking a blackout schedule. 

37. (Canceled) 

38. (Original) A computer-readable medium having computer-executable instructions 
for performing the steps recited in Claim 30, 
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39. (Currently Amended) A system for configuring and $cheduling a security audit of 
a computer network comprising: 

the computer network; 

a security audit system operable for conducting a discovery scan to identify an 
element of the computer network and assigning an asset value for the element, wherein the assent 
value indicates the relative importance of the element in the TietwnrV configuring and scheduling 
an audit scan of the element, and computing a security score for the network element fiom the 
selected audit scan by summing one or more vulnerabilities associated with the network element; 
and 

a console operable for receiving infoimation fiom the security audit system and 
transmitting information to the security audit system about the discovery scan and the audit scan. 

40. (Currently Amended) The system of Claim 39, wherein the security audit system 
is fiirther operable for conducting a discovery scan to: 

identify a iimction for the element; 
dotwmin e on ncoot valuo for tho olamont; and 
identify at least one vuhierability for the element. 

41. (Original) The system of Claim 39, wherein the security audit system checks a 
blackout schedule before scheduling an audit scan. 

42. (Previously Amended) The system of Claim 39, wherein the security audit system 
further comprises a system scanning engine operable for detecting particular one of the 
vulnerabilities on the network element. 

43. (Origmal) The system of Claim 39, wherein the security audit system further 
comprises an Internet scanning engme operable for performing a discovery scan on the network. 
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44. (Previously Amended) The system of Cfaiiii 39, wherein the security audit system 
further comprises a database scanning engine operable for detecting vuhierabilities associated 
with database elements within the network. 

45. (Original) The system of Claim 39, wherein the security audit system further 
comprises an active scan engine operable for selecting, coordinating, and scheduling various 
discovery and audit scans to be perfoimed on the computer networic. 
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